-1

I am loading the JNI libraries using System.loadLibrary("xyz") and it works fine. But the thing is, when using java.lang.System.load() to load a library, an attacker can replace or modify the original file with a malicious one if the full path of the dynamic library is specified in a world readable location (such as the SDCard). This can result in the loading of untrusted content into the Dalvik VM.

So this can be fixed using fully qualified path to the target library. For some reason I am not able to get succeed in providing fully qualified path.

Below are the things I tried but no luck.

System.load ("xyz")

System.load ("/src/main/jni/lib/xyz")

System.load ("/system/lib/xyz")

Can someone please suggest where I am going wrong.

Shreeya Chhatrala
  • 1,441
  • 18
  • 33
sachi
  • 195
  • 1
  • 2
  • 12
  • Make sure to provide full name of the lib. I guess xyz in your case is actually libxyz.so – Oo.oO Aug 01 '17 at 10:29
  • @mko Yes. It's has .so. – sachi Aug 01 '17 at 11:09
  • This line should fix the issue: System.load ("/some_loction/lib/libxyz.so") assuming you have access rights. – Oo.oO Aug 01 '17 at 11:14
  • 'No luck' is not a problem descripton. You need to provide the exact error message and stack trace. But the `src` directory won't be there at runtime, and the runtime deployment directory won't be the same as your project location in your development system. – user207421 Apr 02 '21 at 09:29

2 Answers2

0

You need to set the 'jniLibs.srcDirs' in the gradle file.

Something like:

main {
       ...
       jniLibs.srcDirs 'lib'
}
yakobom
  • 2,681
  • 1
  • 25
  • 33
0

I have the same problem with you. When load a lib in java.library.path(located in /data/data/com.xxx.yyy/lib/[abi]), System.loadLibrary is OK. But when load a lib from a absolute path, we should use System.load. For example:

System.load("/data/data/com.xxx.yyy/files/xxx/libxyz.so")
Jack Zhang
  • 178
  • 2
  • 8